Summary
This host is running Cybozu Office, Cybozu Garoon, Cybozu Dezie or Cybozu MailWise and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office version 7 Cybozu Dezie version 6.1, Cybozu Mailwise version 3.1 or later.
For updates refer to http://products.cybozu.co.jp/
Insight
The flaw is caused by improper validation of unspecified input related to downloading images from the mail system, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
Cybozu Office version 6
Cybozu Dezie versions before 6.1
Cybozu MailWise versions before 3.1
Cybozu Garoon versions 2.0.0 through 2.1.3
References
Severity
Classification
-
CVE CVE-2011-1334 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- AdaptCMS 'init.php' Remote File Include Vulnerability